... by unparking the local heap before accessing the handles.
Bug: v8:7790
Change-Id: I0910fd8ad2a1e9cbbf312acb4f26358a09891f0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404455
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69852}
Only for the interpreter.
Change-Id: I2456a7d6b385b3b8ebcb3ff8782ea5586289bea6
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400343
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69851}
FLAG_local_heaps needs to be set before creating the context, otherwise
the StressConcurrentAllocatorTask is already started. Setting the flag
then races with background thread, which checks FLAG_local_heaps while
creating LocalHeap.
Bug: v8:10315
Change-Id: If6de748ec174dffb94a2582d24e37d24586ee95a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404823
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69850}
Currently, the generic wrapper is used for i32 and i64 params and 0 or 1
i32 return value.
Bug: v8:10701
Change-Id: I8c47e78fa9beeda01bdb647e1fcf9ebe6baf1ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403243
Commit-Queue: Eva Herencsárová <evih@google.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69849}
We used to store MinimorphicPropertyAccessInfo indexed on the feedback
slot id. This works fine when there is no inlining but returns the
wrong access information when functions are inlined. Index it
based on FeedbackSource to avoid these problems.
Bug: v8:10582,chromium:1125871
Change-Id: Id01010f3153f7e21495d73899a8604a64417ae95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401426
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69845}
Since the AllowHandleDereference scope doesn't happen for
kNeverSerialized (see https://crrev.com/c/v8/v8/+/2402033),
there is no need to have the extra if.
Bug: v8:7790
Change-Id: I4c9f93d2e754625e7b30aee61e2b502161bd60c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404770
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69843}
This optimization does not work when the stack arguments are reversed.
Change-Id: Ib543e6ca234cc70708909e0b3cd474b1309ec40e
Bug: chromium:1126769, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404775
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69842}
The problem here was that IncrementalMarking::Step was invoking
new_space()->ResetOriginalTop() which sets original_top to the current
top. IncrementalMarking::Step could be invoked during
InvokeAllocationObservers(), which is called right after acquiring a
new LAB and allocating the first object in it. However this first
allocation might be from generated code with allocation folding enabled.
The generated code might not use all of the memory it allocated and in
that process move top backwards again. Nevertheless
InvokeAllocationObservers() could already set original_top to the
current top. If the generated code later not uses all of that
memory, original_top can be bigger than top.
Fix this problem by ensuring that original_top always equals the LAB
start. Each time LAB start is moved/accounted for, original_top is now
updated as well for the new space. Also IncrementalMarking::Step()
isn't allowed to move original_top anymore.
Bug: chromium:1116278, v8:10315
Change-Id: Ib18a0b07e2665b8ba933555387b84329cbecdf5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398519
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69840}
The commit updates the way the usage is printed for cctest to make use
of HelpOptions which allows the usage string to be passed into
SetFlagsFromCommandLine function.
Change-Id: I8dcd48ca8bb7b025f77c0f05ab37ce4f7b6fae04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402032
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69839}
When creating and inserting strings into the string table, we have to
make sure that the writes to the string's fields (including its
characters) are not reordered to after the write of the string into the
table itself.
Thanks TSAN!
Bug: chromium:1011762
Change-Id: Ib8a22e3980f6b5c57561ca23549c1462c4c017c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404767
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69838}
- serializer-*:
In some stress configuration, the new map of x was GC'd at the beginning
of optimization, thus generating a soft-deopt for the store to x (thus
in turn skipping inlining of f).
- native-context-*:
In some stress configuration, f had its feedback flushed.
Bug: v8:10892
Change-Id: Icd9f9c0ba6feb938ae8c3b0031b02b766f2e3f91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404764
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69837}
Fix lowering of functions that returns the result of an
i8x16 or i16x8 operation.
Bug: v8:10507
Change-Id: Ia3b29e69cff7771f85dc5160937cbaf2bbc12b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2399049
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69832}
Since we are converting Int64x2 to Int32x4, we should be truncating
the nodes, not sign-extending.
Bug: v8:10507
Change-Id: I09dabdcaaa378842ffb4da5505199c188b5101f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404751
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69831}
This is a reland of f25cb50a2f
Removed the problematic tests.
The problem with the test was that we try to pop from an empty segment.
GCC flags that as accessing beyond the array (i.e. index is uint16_t
equivalent of -1). Preceding the actual pop is a DCHECK that asserts
the segment isn't empty. In practice, since we have the DCHECK and
access to the segment is always via a Local, this shouldn't be a
problem.
Unfortunately, GCC flags the access regardless. The DCHECK goes through
a function pointer so GCC cannot determine that in our unittest the
DCHECK would crash if index is 0 and the access would not happen (The
indirection was added to allow for test DCHECK handlers that don't
crash, so we can't mark the function pointer as noreturn).
Drive-by: Segment::Pop and Segment::Push rely on the their Local
counterparts checking of emptiness/fullness, so we should always
access segments via Locals. Making the Segment ctor private.
Original change's description:
> Reland "cppgc, heap: Don't eagerly allocate worklist segments"
>
> This is a reland of c99147c65e
>
> Original change's description:
> > cppgc, heap: Don't eagerly allocate worklist segments
> >
> > Bug: chromium:1056170
> > Change-Id: I75a6b5f52bfe8dd71abc086e5d1e060759ad7fc0
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2391254
> > Commit-Queue: Omer Katz <omerkatz@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69778}
>
> Bug: chromium:1056170
> Change-Id: I4633da065976a6b2710d2f23b946fd2af0e65c83
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401425
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69806}
Bug: chromium:1056170
Change-Id: I7a122d1a2d20cd4e7c824d249975b4d3df30e03e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403251
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69829}
Add a bunch of lowering for I64x2 operations. This allows us to enable
most of the I64x2 tests in test-run-wasm-simd.cc.
Most of these lowering are straightforward. The load splat and load
extends need an additional operation to convert the loaded Word32 nodes
to Word64.
Bug: v8:10507
Change-Id: I6c948918c03904d2b6778223a95bb2e34b692a5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401954
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69827}
Tests failed from time-to-time with --stress-concurrent-allocation. So
run those tests with that flag disabled.
Bug: v8:10315
Change-Id: I8a2b9f03d7bcd8a797134510f608dffb78dd1cdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403257
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69826}
This reverts commit abb7cdc91f.
Reason for revert: regressions in jetstream2/gaussian-blur_sum
Original change's description:
> [regalloc] Loop-top values can be backedges too
>
> When counting which backedges conflict with a loop-top phi value, we
> should include values introduced at the start of the loop.
>
> I don't expect this change to make performance differences on its own,
> but it is a step toward changing the heuristic so that we're less likely
> to introduce unnecessary load/store pairs across the backedge.
>
> Bug: v8:10606
> Change-Id: I299e388b0b964573119ba0b775d50f398c467c46
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2385715
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#69752}
TBR=sigurds@chromium.org,yolanda.chen@intel.com,seth.brenith@microsoft.com,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10606, chromium:1126663
Change-Id: Idde0b7c89f2376ae016e834fa37c38f3d9eb5c1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404020
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#69824}
This is a reland of d3b295fa52
Got speculatively reverted in https://crrev.com/c/v8/v8/+/2403256 but
doesn't seem to have been causing the TSAN failures
Original change's description:
> [compiler] Replace Symbol with direct reads
>
> Bug: v8:7790
> Change-Id: I49120a6349777fd992a97d697940e79b2e71dbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400988
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69812}
Bug: v8:7790
Change-Id: I459f4bfc881c641258dcc46fc55fce21f9e03dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403921
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69822}
Recheck flag in StressConcurrentAllocationObserver to allow tests
to not run the StressConcurrentAllocatorTask even though Isolate was
already initialized.
Bug: v8:10315
Change-Id: Ia683458216821c103d1ae455330ebbd32d253905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403240
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69821}
This is a reland of 6798619a69
Original change's description:
> [d8] Add d8 global variable
>
> - Add a a "d8" global variable where d8 can provide helpers.
> This in in preparation of adding d8.log for testing our log parsers
> written in JavaScript.
>
> - Separate d8 helper creation into individual functions.
>
> Bug: v8:1064
> Change-Id: I84e434452463afb93ae403f890d8841b20b00703
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400990
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69801}
TBR=verwaest@chromium.org
Bug: v8:1064
Change-Id: I656d550b5ec87dc52dbe6cbbdddf7151ce25031f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403247
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69819}
This reflects the change made in chrome:
https://chromium-review.googlesource.com/c/chromium/src/+/2387554
I somehow thoughts that DefaultJob didn't need the fence, but
TSAN detected the same kind of failures after
9e8c54f830 started using AcquireTaskId.
Drive-by: move delegate outside the loop in Join() to avoid releasing
the task_id many times.
Change-Id: I2ab6bf1bd3eeb7a66e39f20a7e0aa61a9c1ebc44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401964
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69818}
This reverts commit e8976cf93a.
Reason for revert: Mark f32x4_cmp as fail, lowering is not fully implemented yet.
Original change's description:
> Revert "[wasm-simd] Stage SIMD"
>
> This reverts commit 1d2726dd0b.
>
> Reason for revert: ODROID failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/15814?
>
> Original change's description:
> > [wasm-simd] Stage SIMD
> >
> > SIMD has been pretty stable for a while now, we are not expecting big
> > changes (like opcode renumbers), there might be new instructions added,
> > and they will all be backwards-compatible.
> >
> > The reference interpreter in the SIMD proposal is now capable of
> > generating JS files for all test cases, so we can now run them.
> >
> > There is a bit of tweaking necessary, since SIMD tests are in
> > tests/core/simd subfolder in the spec, so we need to change the glob
> > into a find that will traverse into subdirectory.
> >
> > Bug: v8:10835
> > Change-Id: I1f7e3cf37f21b2aa2537d1e34242da2373bbf626
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378587
> > Commit-Queue: Zhi An Ng <zhin@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69793}
>
> TBR=bbudge@chromium.org,ahaas@chromium.org,zhin@chromium.org
>
> Change-Id: I3a90c616109ca048691d97ab45698bc15a678e18
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:10835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402379
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69794}
TBR=bbudge@chromium.org,ahaas@chromium.org,zhin@chromium.org,syg@chromium.org
# Not skipping CQ checks because this is a reland.
Bug: v8:10835
Change-Id: I3d87dd2adba6ada2ec3ebf5e13bff378a74b03e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402386
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69817}
This is the final part of the tier-up commit series. It implements:
- A prologue in NCI code objects that checks and acts upon the
optimization marker.
- Currently, handling is deferred to the InterpreterEntryTrampoline
but this will change in the future.
- The lifecycle is otherwise like Ignition-to-Turbofan; the runtime
profiler marks a function for optimization, the next call to that
function triggers optimization by calling into runtime, and the
finished code object is installed both on the JSFunction and the
optimized code cache.
- The feedback vector's kOptimizedCodeWeakOrSmiOffset slot is
currently reused for the mid-to-top tier up.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:8888
Change-Id: Iff50b05ddcc68b25d7ed0f1e0d20af076a1522a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361466
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69808}
- Simplify some macros.
- Simplify some handle creations.
- Make various accessors more uniform.
- Remove leftover assumptions about serialized children.
Change-Id: Iee2951065c442aba1b479a48de33f0b8e0c7b057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402033
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69807}
This reverts https://chromium-review.googlesource.com/c/v8/v8/+/2372545
in favour of different solution. In order to simulate filling up a page,
it's not suitable to look at the limit() since there might be observers
that have lowered it, so the page will not actually be full.
Instead, let's relax the CHECK() in CreatePadding() to not look at the
limit() but all available space.
For instance, the test-heap/Regress978156 cctest uses FillCurrentPage()
to fill the current page. However if there's an observer on the current
page, it will not be filled entirely and the test will fail. This works
because by default, when the new space is empty, the scavenger observer
happens to be on the second page of the space. However if one changes
the V8 page size to 512k, then it fails.
This can be reproduced as such:
# Make sure the scavenge trigger is on the first page.
./cctest test-heap/Regress978156 --scavenge-task-trigger=10
# Stress marking adds random observers to trigger incremental
# marking.
./cctest test-heap/Regress978156 --stress-marking=100
This issue also causes crashes when using the %SimulateNewspaceFull()
runtime test function, as found by fuzzing and you can find more details
in the bug.
Bug: v8:10808, v8:9906, chromium:1122848
Change-Id: Ie043ae0a1d3754d2423cb5d97f2b3e1ee860e5c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401427
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#69805}
